Could you fall victim to crime simply by geotagging location info to your photos?

Global Positioning System satellite technology (better known as GPS) is embedded into so many of the devices we use today for location purposes, that we sometimes take it for granted. From using it to find our way home when we are lost to getting directions to that new trendy restaurant, we don’t even give it a second thought anymore, yet, it’s a valuable tool in our daily routine.

One use of GPS is geotagging, which is the process of attaching location information to content such as a photograph or video (when you shoot and upload a photo to Facebook with the location of your whereabouts, for example, that’s geotagging). It’s one of the components that make our photos more “social.”

“Geotagging is adding geo-location metadata to an image or social media post,” says Gerald Friedland, director of Audio and Multimedia Research at the International Computer Science Institute, a private, non-profit research laboratory affiliated with the University of California, Berkeley. “In other words, earth coordinates (often accurate to +/-1m) as reported by GPS modules built into cell phones and cameras (or guessed using Wi-Fi and cell-tower triangulation) are embedded in machine-readable format (i.e., not necessarily obvious to humans) as part of a JPEG file, a Twitter post, or Facebook Places. Geo-coordinates are often also reported to apps running on a cell phone, such as Angry Birds.”

Besides location, that metadata (found in a file’s EXIF data) might also include elevation, bearing, distance, and even the name of a place like restaurants and shops. Photographers can benefit from photos encoded with GPS data: Using the data, photos can be easily cataloged, organized, and classified, especially into areas of special interest.

Today, everyone who uses social media like Twitter, Facebook, and Instagram is most likely utilizing this technology in some form – whether they realize it or not. While seemingly harmless, with every photo they post, there are possible dangers that users may not be aware of when they expose themselves, friends, and family members to. Before you succumb to fear and turn off the geotagging feature on your devices and apps, however, let’s look at how the process works, the security issues involved, and how you can easily keep yourself from harm.

Would you like to tag a safety threat to your photo?

Canon’s PowerShot SX280 HS is one such digital camera with built-in GPS you can use to geotag your photos.

Many smartphones and digital cameras come with built-in GPS with a geotagging feature that embeds at least the latitude and longitude coordinates of your location. Geotagging has an accuracy of within 15 feet.

But, while you are letting friends and families know where you are with your posts, you are also at risk from burglars and stalkers. It seems implausible, but posting photos and other media tagged with exact geolocation on the Internet allows random people with the right tracking software and wrong motives to find an individual’s location and correlate it with other information. Cyber criminals can quickly and easily find out when a person’s home is empty because the homeowner might post geotagged and time-stamped info both about their home address and their vacation residence, for example.

“The information is great for recording the location in which the photo was taken, which can then be used to sort photographs later – that’s how I and most people use it and that’s what it was originally designed for,” says Larry Pesce, senior security consultant with NWN Corporation in Waltham, Massachusetts. “However, there are a few security issues, mostly related in how the stored location information is used. I think the majority of people have no idea that the location of their images is being tagged. The big issue here is being aware of what exactly you are posting.”

Pesce was one of the co-developers of “I Can Stalk U,” a project designed to alert people about the potential dangers of geotagging. He says that by making this information public on their website, they are attempting to get enough exposure to the problem so that they can start to curb its continued use.

“Of concern to me, is that in many cases, the user doesn’t know the location information is stored in the photo (nor is it easily viewed), so they don’t know that there may be any perceived risk. Based on that, in how many folks use photos in social media in nearly real time, this can indicate location to the public as soon as it is posted,” Pesce points out.

“For example, if you post a photo tagged somewhere on a hiking trail, your stalker might know where you are for a visit. On the flip side, other folks know where you are not: at home, and now would be a perfect time to rob your house (because you’ve also likely posted photos of your new flat screen TV at your house, also with geotags),” Pesce adds.

Paranoia or actual danger?

There is a clear need for research on designing systems to be location-aware while at the same time offering maximum protection against privacy infringement.

Today, Friedland says people are stalking (and cyberstalking) for a variety of reasons. He has co-authored a study on the privacy implications of geotagging, which raises awareness of a rapidly emerging privacy threat that they term “cybercasing” or using geo-tagged information available online to mount real-world attacks or robberies.

“We were primarily concerned with the fact how easy it is to case out somebody’s life,” Friedland says. “Our first finding was that most people had no idea they were giving their location online when they posted pictures. There’s enough information out there that you can actually track people and do potential harm to them.”

As an example, Friedland cites what is possibly the most infamous occurrence of cybercasing. “In September 2010, three men burglarized more than 18 homes in the Nashua area of New Hampshire simply by tracking residents’ movements online and, when they were away, broke into their homes and took off with more than $100,000 worth of goods.”

He adds that a survey by a U.K. home security subsidiary of Honeywell, Friedland (no relation), revealed that social media is being put to use by today’s home burglars. “According to the survey, an overwhelming 78 percent of (convicted) ex-burglars interviewed said that they strongly believed social media platforms like Facebook, Twitter, and Four Square are being used by current thieves when targeting properties, with nearly three-quarters (74 percent) stating that, in their expert opinion, Google Street View was playing a role in many of today’s home thefts,” Friedland says.

Honeywell/Friedland says that interviewed ex-burglars are already seeing geotagging and social media as their top sources of information for potential victims. The report revealed one of the most common mistakes that homeowners are making in the eyes of ex-burglars it that over half (54 percent) placing their status and whereabouts on social networking sites.

Secure Solutions

If you think you could fall victim to nefarious use of geotagging info against you, Pesce says that many of these dangers can be easily avoided by removing geotags with a metadata removal tool. “I geotag my photos where appropriate, but I’m always aware of exactly what I’m doing and so should the public.”

He adds that you can also disable the function on smartphones. “The directions vary per phone, OS, and version. Typically it can be found in under the security or location services menu,” Pesce says.

Friedland adds, always check images before publishing them. One way to do that is to install an EXIF viewer. He also points out some other methods:

If you plan to publish photos taken with your phone, convert them to PNG file format and publish them from your desktop computer

Don’t post on Twitter, Facebook, Instagram, or any other social media service from your cell phone. If you do, change the permissions of your cell phone to not report GPS coordinates to these applications.

“In general it’s good to be aware of how the Internet behaves in terms of privacy, and we are currently working on creating a simple curriculum for high school and undergraduates on that. We also have a preliminary visualization app that shows live geo-locations of Twitter posts,” Friedland says.

Like any crime, there are odds in whether someone actually falls victim to geotagging-related wrongdoing, but everyone who puts a public profile on the Web is a potential target – some more so than others. “Geotagging is a wonderful technology that drives innovation in many areas. However, there is a clear need for education, as well as for research on designing systems to be location-aware while at the same time offering maximum protection against privacy infringement,” he adds.